Pre-formed instructions for a mobile cloud service

ABSTRACT

Methods, systems, and computer readable mediums are disclosed for introducing pre-formed instruction sets to a mobile cloud service. In some examples, an archive file, such as a .zip file, can include two sets of files: 1) logic for creating an application programming interface (API) and connecting the API with backend service behind a corporate enterprise network&#39;s firewall, and 2) custom user-code. In such examples, the API can connect through defined channels to the back end service. In some examples, the custom user code can execute in a secure virtual machine (VM) on the cloud service. In such examples, the custom user code can perform error checks on data, recalculate or reformat data, or otherwise modify it before sending to a user&#39;s mobile device or receiving from a user&#39;s device.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application claims the benefit of and priority to U.S. ProvisionalPatent Application No. 62/314,149 filed Mar. 28, 2016 and entitled“Mobile Cloud Service (MCS) Templates,” the entire disclosure of whichis hereby incorporated by reference for all purposes.

COPYRIGHT

A portion of the disclosure of this patent document contains materialwhich is subject to copyright protection. The copyright owner has noobjection to the facsimile reproduction by anyone of the patent documentor the patent disclosure, as it appears in the Patent and TrademarkOffice patent file or records, but otherwise reserves all copyrightrights whatsoever.

BACKGROUND

Mobile applications generally operate by communicating with a server todetermine content to display on a mobile phone. Both the mobile phoneand the server can include a portion of the mobile application. Theportion on the server (sometimes referred to as server-side application)can respond to requests from the portion on the mobile phone (sometimesreferred to as client-side application). In some examples, the requestscan use hypertext transfer protocol (HTTP). The server-side applicationcan typically store persistent data and cannot be seen by a user of themobile phone. The client-side application can be included on the mobilephone and respond to one or more inputs, including a user input. Theclient-side application can use hypertext markup language (HTML),cascading style sheets (CSS), or JavaScript.

In some examples, the server-side application can include a programminginterface (e.g., application programming interface) that allows theclient-side application to communicate with the server-side application.The server-side application can further include at least one or more ofsoftware code associated with responding to communications from theclient-side application and one or more connectors to connect theserver-side application to one or more backend systems (e.g., adatabase). The one or more connectors can also format and shape data forviewing on the mobile phone by the client-side application when the datais received from the backend system).

BRIEF SUMMARY

The present disclosure relates generally to systems, methods, andcomputer readable mediums for providing a server-side portion of amobile application. In particular, processes for importing and exportinga server-side application that can easily connect with the mobileapplication are provided. The server-side application can include atleast one or more of custom code associated with a mobile applicationand a programming interface for interacting between the server-sideapplication and the client-side application. The server-side applicationcan further include one or more connectors to interface between theserver-side application and a backend system.

Provided are devices, computer-program products, and methods forintroducing a pre-formed instruction set to a mobile cloud service. Forexample, a method can include extracting a first set of files and asecond set of files. In some examples, the first and second set of filescan be extracted from an archive file package. In some examples, thefirst set of files can include logic for creating an applicationprogramming interface (API). In such examples, the first set of filescan also include logic for connecting the API with a backend service. Insome examples, the second set of files can include software code. Insome examples, the archive file package can received from a remotedevice.

The method can further include creating an API using the logic in thefirst set of files and connecting the API with a backend service in acloud service. In some examples, the API can be connected using thelogic for connecting the API with a backend service. The method canfurther include executing the software code of the second set of filesin a user space of the cloud service.

In some implementations, the method can further include receiving arequest from a mobile device. In some examples, the request can bereceived through a firewall. In such examples, the request can query forinformation or data from a server-side application. In such examples,the method can further include dispatching the request to the softwarecode using the API according to logic in a first virtual machine. Insuch examples, the API can connect with the backend service outside ofthe firewall. In some examples, the method can further includegenerating a response to the request using the software code. In suchexamples, the software code can be executing in a user sandbox area of asecond virtual machine. The method can further include routing theresponse from the backend service to the mobile device.

The terms and expressions that have been employed are used as terms ofdescription and not of limitation, and there is no intention in the useof such terms and expressions of excluding any equivalents of thefeatures shown and described or portions thereof. It is recognized,however, that various modifications are possible within the scope of thesystems and methods claimed. Thus, it should be understood that,although the present system and methods have been specifically disclosedby examples and optional features, modification and variation of theconcepts herein disclosed may be resorted to by those skilled in theart, and that such modifications and variations are considered to bewithin the scope of the systems and methods as defined by the appendedclaims.

This summary is not intended to identify key or essential features ofthe claimed subject matter, nor is it intended to be used in isolationto determine the scope of the claimed subject matter. The subject mattershould be understood by reference to appropriate portions of the entirespecification of this patent, any or all drawings, and each claim.

The foregoing, together with other features and examples, will bedescribed in more detail below in the following specification, claims,and accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example of a block diagram of a computingenvironment.

FIG. 2 illustrates an example of a server-side application.

FIG. 3 is a flowchart illustrating an example of a process for creatinga package for a server-side application.

FIG. 4 is a flowchart illustrating an example of a process forinstalling a package of a server-side application.

FIG. 5 is a flowchart illustrating an example of a process forresponding to a request to a server-side application from a client-sideapplication on a mobile device.

FIG. 6 illustrates an example of relationships between entities.

FIG. 7 depicts a simplified diagram of a distributed system.

FIG. 8 is a simplified block diagram of components of a systemenvironment by which services provided by the components may be offeredas cloud services.

FIG. 9 illustrates an exemplary computer system by which servicesprovided by one or more components may be offered as cloud services.

DETAILED DESCRIPTION

In the following description, for the purposes of explanation, specificdetails are set forth in order to provide a thorough understanding ofexamples of this disclosure. However, it will be apparent that variousexamples may be practiced without these specific details. The figuresand description are not intended to be restrictive.

The ensuing description provides examples only, and is not intended tolimit the scope, applicability, or configuration of this disclosure.Rather, the ensuing description of the examples will provide thoseskilled in the art with an enabling description. It should be understoodthat various changes may be made in the function and arrangement ofelements without departing from the spirit and scope of the descriptionas set forth in the appended claims.

Specific details are given in the following description to provide athorough understanding of the examples. However, it will be understoodby one of ordinary skill in the art that the examples may be practicedwithout these specific details. For example, circuits, systems,networks, processes, and other components may be shown as components inblock diagram form in order not to obscure the examples in unnecessarydetail. In other instances, well-known circuits, processes, algorithms,structures, and techniques may be shown without unnecessary detail inorder to avoid obscuring the examples.

Also, it is noted that individual examples may be described as a processwhich is depicted as a flowchart, a flow diagram, a data flow diagram, astructure diagram, or a block diagram. Although a flowchart may describethe operations as a sequential process, many of the operations can beperformed in parallel or concurrently. In addition, the order of theoperations may be re-arranged. A process is terminated when itsoperations are completed, but could have additional steps not includedin a figure. A process may correspond to a method, a function, aprocedure, a subroutine, a subprogram, etc. When a process correspondsto a function, its termination can correspond to a return of thefunction to the calling function or the main function.

The term “machine-readable storage medium” or “computer-readable storagemedium” includes, but is not limited to, portable or non-portablestorage devices, optical storage devices, and various other mediumscapable of storing, containing, or carrying instruction(s) and/or data.A machine-readable storage medium or computer-readable storage mediummay include a non-transitory medium in which data can be stored and thatdoes not include carrier waves and/or transitory electronic signalspropagating wirelessly or over wired connections. Examples of anon-transitory medium may include, but are not limited to, a magneticdisk or tape, optical storage media such as compact disk (CD) or digitalversatile disk (DVD), flash memory, memory or memory devices. Acomputer-program product may include code and/or machine-executableinstructions that may represent a procedure, a function, a subprogram, aprogram, a routine, a subroutine, a module, a software package, a class,or any combination of instructions, data structures, or programstatements. A code segment may be coupled to another code segment or ahardware circuit by passing and/or receiving information, data,arguments, parameters, or memory contents. Information, arguments,parameters, data, etc. may be passed, forwarded, or transmitted via anysuitable means including memory sharing, message passing, token passing,network transmission, etc.

Furthermore, examples may be implemented by hardware, software,firmware, middleware, microcode, hardware description languages, or anycombination thereof. When implemented in software, firmware, middlewareor microcode, the program code or code segments to perform the necessarytasks (e.g., a computer-program product) may be stored in amachine-readable medium. A processor(s) may perform the necessary tasks.

Systems depicted in some of the figures may be provided in variousconfigurations. In some examples, the systems may be configured as adistributed system where one or more components of the system aredistributed across one or more networks in a cloud computing system.

Where components are described as being “configured to” perform certainoperations, such configuration can be accomplished, for example, bydesigning electronic circuits or other hardware to perform theoperation, by programming programmable electronic circuits (e.g.,microprocessors, or other suitable electronic circuits) to perform theoperation, or any combination thereof.

The present disclosure relates generally to systems, methods, andcomputer readable mediums for providing a server-side portion of amobile application. In particular, processes for importing and exportinga server-side application that can easily connect with the mobileapplication are provided. The server-side application can include atleast one or more of custom code associated with a mobile applicationand a programming interface for interacting between the server-sideapplication and the client-side application. The server-side applicationcan further include one or more connectors to interface between theserver-side application and a backend system.

FIG. 1 illustrates an example of a block diagram of a computingenvironment 100 for facilitating communication between a mobilecomputing device 102 and one or more enterprise computer systems, suchas a cloud computing system 140 and an on-premise enterprise computersystem 150. Such communications may be to exchange or transferenterprise data, request services provides by an enterprise computersystem, communicate messages, or combinations thereof.

An enterprise computer system can include various computing systems thatare configured to operate for an entity or an enterprise. For example,an enterprise computer system can include one or more computer systems,such as an enterprise server computer (e.g., a back-end servercomputer), to handle requests for services. An enterprise computersystem may include applications and/or services, which can processand/or operate using enterprise data. For example, enterprise computersystem 150 may provide one or more services and/or applications formanaging or operating an enterprise. Services may include, withoutrestriction, customer relationship management (CRM), human capitalmanagement (HCM), human resource (HR) management, supply chainmanagement, enterprise communication, email communication, businessservices, other enterprise management services or applications, orcombinations thereof. Enterprise computer system 150 may include one ormore computer systems dedicated to providing one or more services. Insome examples, each different computer system providing a service may belocated on-premise of an enterprise or may be located remotely from anenterprise. In some examples, multiple different computer systemssupporting different services may be situated in a single geographicallocation, such as on-premises of an enterprise. In the example shown inFIG. 1, on-premises enterprise computer system 150 may include an HRsystem 154 and a CRM system 156, both of which may be locatedon-premises of an enterprise. In some examples, enterprise computersystem 140 may include or implement an agent system 152 to facilitate orhandle communication between cloud computer system 110 and one or moreenterprise systems 154, 156. Enterprise computer systems, such as cloudenterprise computer system 140 and on-premise enterprise computer system150 are described below in further detail.

The computer environment 100 may include a mobile cloud service (“MCS”)112 implemented to operate as a secure intermediary computingenvironment that may facilitate communication between the computingdevice 102 and one or more enterprise computer systems because computingdevice 102 may not be configured to communicate with such enterprisecomputer systems. For example, some enterprise computer systems may besupported by legacy or back-end computer systems. Such systems may beconfigured to operate using different communication and/or securityprotocols. The protocols supported by such enterprise computer systemsmay be different from those supported by mobile computing devices. MCS112 may support communication with different types of mobile computingdevices. As such, MCS 112 may implement techniques to facilitatecommunication between enterprise computer systems and mobile computingdevices to enable them to communicate with each other despite theirincompatibilities in communication, such as differences between formatsor communication protocols. For example, MCS 112 may translatecommunication protocols between mobile computing devices and enterprisecomputer systems.

Cloud computer system 110 may support MCS 112. Cloud computer system 110may be implemented using hardware, software, firmware, or combinationsthereof. For example, cloud computer system 110 may include one or morecomputing devices, such as a server computer. Cloud computer system 110may include one or more memory storage devices and one or moreprocessors. A memory storage device can be accessible to theprocessor(s) and can include instructions stored thereon which, whenexecuted by the processor(s), cause the processor(s) to implement one ormore operations disclosed herein. In some examples, the memory storagedevices may operate as local storage (e.g., cache). Cloud computersystem 110 may include different kinds of operating systems. A memorystorage device may be accessible to the processor(s) and may includeinstructions stored thereon which, when executed by the processor(s),cause the processor(s) to implement one or more operations, methods, orprocesses disclosed herein. The memory storage may operate as localstorage. Local storage may be implemented using any type of persistentstorage device, such as a memory storage device or othercomputer-readable storage medium. In some examples, local storage mayinclude or implement one or more databases (e.g., a document database, arelational database, or other type of database), one or more filestores, one or more file systems, or combinations thereof. The localstorage may store enterprise data.

In certain examples, cloud computer system 110 may include one or moredata stores, such as a metadata repository 124, diagnostics store 126,and an analytics store 128. The data stores 124, 126, 128 may beaccessible by any component in cloud computer system 110.

Metadata repository 124 may store all the metadata associated with MCS112. This information may be composed of both run-time and design-timedata, each having their own requirements on availability andperformance. A tenant or subscriber of MCS 112 may have any number ofapplications (sometimes referred to herein as a server-sideapplication). Each application may be versioned and may have anassociated zero or more versioned resource APIs and zero or moreversioned services implementations those resource applicationprogramming interface (API) contracts. These entities are what therun-time uses to map virtual requests (mAPIs) to the concrete serviceimplementation (service). This mapping provides a mobile developer withthe luxury of not having to know the actual implementation service whenshe designs and builds her application. As well as not requiring her tohave to republish a new application on every service bug fix. Metadatarepository 124 may store one or more callable interfaces, which may beinvoked by a computing device (e.g., computing device 102). The callableinterfaces may be customizable by a user (e.g., a developer) of anapplication to facilitate communication with MCS 112. Metadatarepository 124 may store metadata corresponding to one or moreconfigurations of a callable interface. Metadata repository 124 may beconfigured to store metadata for implementing a callable interface. Thecallable interface may be implemented to translate between a one format,protocol, or architectural style for communication and another format,protocol, or architectural style for communication. Metadata repository124 may be modifiable by an authenticated user via the external network.

A server-side application can be used to remotely perform operationsassociated with a mobile application. For example, the server-sideapplication can respond to requests for data by the mobile application,store information associated with the mobile application, and sendcontent to the mobile application. In some examples, the server-sideapplication can serve the mobile application.

In some examples, the MCS 112 can further include a backend system. Thebackend system can assist the server-side application in performingoperations. For example, the backend system can be where information isstored, computations are performed, or any other actions are performedto supplement the server-side application. In other examples, thebackend system can be remote from the MCS 112. In such examples, theserver-side application can communicate with the backend system using anetwork (e.g., the Internet).

Diagnostics store 126 may store diagnostics information about processingoccurring in MCS 112. Diagnostics store 126 may store messagescommunicated via MCS 112 and log information. Analytics store 128 maystore logging and analytics data captured during processing in thesystem.

On behalf of MCS 112, cloud computer system 110 may utilize itscomputing resources to enable execution of custom code 116 (e.g.,operations, applications, methods, functions, routines, or the like). Insome examples, the custom code can be executed in a user sandbox area. Auser sandbox area can be an environment that isolates code executed inthe user sandbox area. In some examples, a user sandbox can be anenvironment that parametrizes and encapsulated code execution withinitself. Computing resources may be allocated for use with respect to aparticular user associated as a subscriber or tenant to MCS 112.Resources may be allocated with respect to a user, a device, anapplication, or other criterion related to a subscriber. MCS 112 may bescaled in or out, depending on the demand of mobile computing devicesseeking to communicate with enterprise computer systems. MCS 112 can beconfigured such that it is elastic to handle surges and temporaryperiods of higher than normal traffic between mobile computing devicesand enterprise computer systems. In some examples, MCS 112 may includeelements that support scalability such that components may be added orreplaced to satisfy demand in communication.

Computing device 102 may communicate (e.g., send a request message) withMCS 112 to request service provided by an enterprise computer system.Computing device 102 (e.g., a mobile computing device) may beimplemented using hardware, firmware, software, or combinations thereof.Computing device 102 may communicate with enterprise computer systems140, 150 via MCS 112. Computing device 102 may include or may beimplemented as an endpoint device, a personal digital assistant (PDA), atablet computer, a laptop computer, a mobile computing device, a desktopcomputer, a wearable computer, a pager, etc. Computing device 102 mayinclude one or more memory storage devices and one or more processors.Computing device 102 may include different kinds of operating systems. Amemory storage device may be accessible to the processor(s) and mayinclude instructions stored thereon which, when executed by theprocessor(s), cause the processor(s) to implement one or moreoperations, methods, or processes disclosed herein. The memory storagemay operate as local storage. Local storage may be implemented using anytype of persistent storage device, such as a memory storage device orother computer-readable storage medium. In some examples, local storagemay include or implement one or more databases (e.g., a documentdatabase, a relational database, or other type of database), one or morefile stores, one or more file systems, or combinations thereof. Thelocal storage may store enterprise data.

In various examples, computing device 102 may be configured to executeand operate one or more applications such as a web browser, a clientapplication, a proprietary client application, or the like (e.g., aserver-side application). The applications can include specificapplications configured for enterprise data and/or services provided byan enterprise computer system. Client applications may be accessible oroperated via one or more network(s). Applications may include agraphical user interface (GUI) for operating the application.

Computing device 102 may communicate with MCS 112 via one or morecommunication networks using wireless communication. Examples ofcommunication networks may include a mobile network, a wireless network,a cellular network, a local area network (LAN), a wide area network(WAN), other wireless communication networks, or combinations thereof.In certain examples, computing device 102 may establish a communicationconnection 114 with MCS 112 using a custom communication protocol (e.g.,a custom protocol). Connection 114 may be established with MCS 112through cloud computer system 110. The custom protocol may be anHTTP-based protocol. By utilizing a custom communication protocol,computing device 102 may operate on any computing device platform tocommunicate with cloud computer system 110.

Computing device 102 may communicate with cloud computer system 110through one or more callable interfaces, e.g., application programminginterfaces (APIs). A callable interface may be implemented on computingdevice 102. The callable interface may be implemented for customapplications that enable those applications to communicate with MCS 112.In some examples, a callable interface may be developed for MCS 112. Thecallable interface may enable applications to communicate with MCS 112without having to adapt to differences in protocols (e.g., communicationor development protocols) and/or architectural styles or formats.

MCS 112 may be protected by one or more firewalls 104, 130 to provide asecure environment to process requests and execute custom code 116.Communication between computing device 102 and MCS 112 may be separatedby an external communication firewall 104. Firewall 104 may be connectedwith cloud computer system 110 to facilitate secure access to MCS 112.Firewall 104 may permit communication of messages between cloud computersystem 110 and computing devices (e.g., computing device 102). Suchmessages (e.g., HTTP messages or REST messages) may conform to acommunication protocol (e.g., HTTP or REST), which may be supported by acallable interface. In another example, a message between cloud computersystem 110 and computing device 102 may conform to a communicationprotocol such as Speedy (SPDY). MCS 112 may manage firewall 130 tosecure communication between cloud computer system 110 and enterprisecomputer systems 140, 150. Firewall 130 may permit communication ofmessages between cloud computer system 110 and computing devices (e.g.,computing device 102). Such messages (e.g., SPDY messages, HTTP messagesor REST messages) may conform to a communication protocol (e.g., SPDY,HTTP, or REST). Communication between computing device 102 andenterprise computer systems 140, 150 may be two-way via MCS 112.

Because communication with computing device 102 and enterprise computersystems 140, 150 may occur via an unsecure, public network, firewalls104, 130 provide an added layer of protection for communications to andfrom MCS 112. Firewalls 104, 130 may enable MCS 112 to distinguish itsinternal network from an external network connecting computing device102 and enterprise computer systems 140, 150. In some examples,firewalls 104, 130, although shown as two distinct firewalls, may beimplemented as a single firewall that encapsulates MCS 112.

Cloud computer system 110 may further operate as an intermediarycomputing environment by communicating with enterprise computer systems,some of which may have different communication protocols. Suchcommunication protocols may be custom or specific to an application orservice in communication with cloud computer system 110. Further, cloudcomputer system 110 may communicate with an enterprise computer systemto provide enterprise services and/or to exchange enterprise dataaccording to a format supported by the enterprise computer system. Cloudcomputer system 110 may maintain local storage (e.g., local cache) ofenterprise data and may use the local storage to manage synchronizationof the enterprise data between mobile computing devices and enterprisecomputer systems 140, 150.

Computing device 102 may communicate (e.g., send a request message) withMCS 112 to request service provided by an enterprise computer system.Requests that are received through firewall 104 may be processed firstby security service 132. Security service 132 may manage securityauthentication for a user associated with a request. Thus, a cloudcomputer system may provide technical advantages that include providingsecurity mechanisms described herein which may protect the integrity ofcustomer communications and enterprise data. Technical advantages ofcloud computer system may include preventing or reducing compromisedcommunications and/or data from being compromised, authentication mayoccur initially, restricting access to only those who have the requiredcredentials. Technical advantages of cloud computer system may includethe services and service invocation flow being structured such that asrequests come in they may only be able to access services for which theyare authorized. By decoupling authorization from the rest of the system,processing may include the task of authorizing “what can be done bywhom” being delegated to a dedicated provisioned security subsystem(e.g., an identity management system) that may be expanded to supportwhatever additional custom security measures are required by a specificcorporate customer. In some examples, security authentication may bedetermined for a request, a session, a user, a device, other criterionrelated to the user, or combinations thereof. Security authenticationmay be performed for each request that is received. In some examples,security service 132 may determine authentication based on a previousverification of a request. Security authentication may be determined fora user or a device such that requests to different enterprise computersystems 140, 150 may be authenticated based on a single verification ofsecurity.

In some examples, security service 132 may determine a security protocolfor a requested enterprise computer system and accordingly generate asecurity token according to such security protocol. The security tokenmay be passed along with a request to an enterprise computer system toenable that enterprise computer system to verify authentication based onthe generated security token. Enterprise computer systems may supportdifferent security protocols. A security protocol may be a standard bywhich security is determined. Security may be verified based on asecurity token that is generated by security service 132. Securityservice 132 may determine a security protocol for an enterprise computersystem identified for a request. In some examples, an enterprisecomputer system 150 may have an agent system 152, which may beconfigured or implemented according to a custom or specific securityprotocol supported by MCS 112. As such, MCS 112 may generate a securitytoken according to such custom security protocol.

Cloud computer system 110 may include, implement, and/or communicatewith one or more load balancer systems 106, 108. Upon determiningsecurity authentication, cloud computer system 110 may request any oneof load balancer systems 106, 108 to examine a request that it receivesand to detect which service the request is directed to. MCS 112 may beconfigured with load balancers 106, 108 and updated with resources thatget started up, so that when a request comes in, load balancers 106, 108can balance a requested load across the different resources.

Cloud computer system 110 may include a dispatcher 118 that may handlerequests and dispatch them to the appropriate service. A request may berouted to an appropriate service upon dispatch. In some examples, aservice itself may route an internal request to another internal servicein MCS 112 or in an enterprise computer system. In some examples,dispatcher 118 may resolve a request to determine its destination basedon a location (e.g., an address) of a destination identified in auniform resource identifier (URI) and/or a uniform resource locator(URL) of the request. Dispatcher 118 may parse a request and its headerto extract one or more of the following information: tenant identifier,service identifier, application name, application version, requestresource, operation and parameters, etc. Dispatcher 118 can use theparsed information to perform a lookup in metadata repository 124.Dispatcher 118 may retrieve a corresponding application metadata.Dispatcher 118 may determine the target service based on the requestedresource and the mappings in the metadata. While initially a very basicmapping, the metadata can be enhanced to provide for more sophisticated,rules-based dispatching. Dispatcher 118 may perform anydispatcher-specific logging, metrics gathering, etc. Dispatcher 118 maythen perform initial authorization according to the applicationmetadata. Dispatcher 118 may format the inbound request and any othernecessary information and place the message on routing bus 120 forfurther processing. Dispatcher 118 may place a request on a queue andawait the corresponding response. Dispatcher 118 may process responsesreceived from routing bus 120 and return a response to computing device102.

In addition to handling the dispatching for external requests,dispatcher 118 may also play a role in dispatching internal requests.Such internal requests can come in the form of composite services orcustom code invocations to services. In both cases, the caller could usea logical service name as defined within the application. Dispatcher 118may use the current execution context to determine the application anduse that logical name to determine the appropriate service to invoke.

Cloud computer system 110 may include a routing bus 120 to managedeliver of messages to destinations registered with routing bus 120.Routing bus 120 may operate as a central system for managingcommunications in cloud service 112. Data communicated through routingbus 120 may be processed to capture and store the data. Routing bus 120may provide a framework so that additional centralized services(additional authorization, debugging, etc.) can be plugged in easily asnecessary. Data captured by routing bus 120 may be stored in diagnosticsstore 126 and/or analytics store 128.

Routing bus 120 may route messages to one or more destinations. In someexamples, a message may include a request to execute custom code 116. Insuch examples, routing bus 120 may request 134 custom code 116 to beinvoked. In some examples, routing bus 120 may pass on a request to adestination enterprise computer system identified by information in arequest. Routing bus 120 may request 136 an adaptor interface 122 toperform translations, if necessary, to pass a request to an enterprisecomputer system, e.g., enterprise computer system 140 or enterprisecomputer system 150.

In certain examples, cloud computer system 110 may include or implementadaptor interface 122 to translate or convert a message to a protocolsupported by a receiving enterprise computer system. Adaptor interface122 may establish separate communication connections with each ofenterprise computer systems 140, 150. Cloud computer system 110 may beconfigured to communicate with enterprise computer systems 140, 150 viaone or more networks (not shown). Examples of communication networks mayinclude the Internet, a mobile network, a public network, a wirelessnetwork, a cellular network, a local area network (LAN), a wide areanetwork (WAN), other communication networks, or combinations thereof. Incertain examples, communication connections may be high-speedcommunication connections facilitated using high-speed communicationtrunks. Communication with an enterprise computer system 140, 150 maypass through firewall 130 which ensures that communication with anexternal network is secure to prevent unauthorized access to MCS 112 viasuch communications.

In some examples, cloud computer system 110 may facilitate notificationsto a user of computing device 102. Cloud computer system 110 may includean alert management service that supports stateful interaction with auser, for example to deliver an alert based on user preferences throughone or more channels, wait for a response, and take action based on theresponse. Responses to an alert sent on one channel may be receivedthrough another channel, which the service needs to be able to handle.The platform may come with built-in state models for popular interactionpatterns and be extensible with new state models. Some alert channelsmay include known communication resources, either one-way or two-way.Examples include SMS, Twitter®, push notifications, and Google CloudMessaging®.

In some examples, cloud computer system 110 may enable computing deviceto access and/or request one or more services, such as an object storeservice, database service, access web services, social services,resource services, or combinations thereof.

Cloud computer system 110 may provide an object store service that mayprovide a storage facility for BLOBs. The basic unit of storage can betext, with read and write operations. A basic query facility for JSONobjects may also be offered.

Cloud computer system 110 may provide a database service to allow forconnectivity to hosted databases for performing queries or writes.Required parameterization may require the full connection string for thedatabase, the SQL string or stored procedure to execute, any parametersand possibly credentials. The necessary information can be provided atrun time or be pre-configured in the application metadata.

Cloud computer system 110 may provide access to web services such asSimple Access Object Protocol (SOAP) web services. Cloud computer system110 may provide access to REST services, such as connectivity toarbitrary REST resources.

Cloud computer system 110 may provide access to social services that mayprovide basic integration with many of the popular social sites such asFacebook®, Twitter®, etc. These services may allow for third partyauthentication using the user's credentials from those sites as well asaccess to their services. Examples include sending a tweet or updatingyour status.

Cloud computer system 110 may provide an public cloud service to enablea user to simplify and optimize communication. For example, a servicedeveloper may use the generic web service of MCS 112 to talk to aresource hosted using cloud computer system's 110 cloud service.

In some examples, the computing device 102 can include a mobileapplication. The mobile application can perform one or more operationsusing code included with the mobile application. In some examples, anoperation of the mobile application can include at least one or more ofdisplay content to a user of the computing device 102, receive inputfrom the user, respond to the input from the user, and receive contentfrom a remote system.

FIG. 2 illustrates an example of a server-side application 210. Theserver side application can be included in a MCS (e.g., the MCS 112).The server-side application 210 can include at least one or more of aprogramming interface (e.g., an application programming interface (API)212), custom code 214, and a connector 216. The API 212 can be used toprovide an interface to the server-side application 210 for a mobileapplication. In some examples, the server-side application can include aplurality of APIs.

The custom code 214 (sometimes referred to as software code or usercode) can be one or more instructions, executable by a computer system,to perform operations associated with the server-side application 210.The custom code 214 can be executed (e.g., installed) on a virtualmachine. In some examples a virtual machine can be an emulation of acomputer system. In such examples, the virtual machine can be runningvirtual operating systems, or other computing architectures involvingvirtualization. One or more flexible pools of logical storage devicescan be virtualized to maintain virtual storage devices for the virtualmachine. Virtual networks can be controlled by a server using softwaredefined networking. In some examples, the custom code 214 can include afirst portion of logic associated with a mobile application. In suchexamples, code on the mobile application can include a second portion ofthe logic associated with the mobile application; and code on a backendsystem can include a third portion of the logic associated with themobile application. A person of ordinary skill in the art will recognizethat there can be more or less portions of the logic on more or lesssystems.

The connector 216 can connect the server-side application 210 with abackend system. In some examples, the connector 216 can provide aninterface for the server-side application 210 to the backend system. Insome examples, the connector 216 can also format information receivedfrom the backend system. In some examples, the server-side application210 can include a plurality of connectors.

The metadata 218 can include data utilized at design-time or run-time bythe server-side application 210 or the mobile cloud service environment.For example, the metadata 218 can include (a) policies, governing theexecution of the server-side or mobile application; (b) runtimedependencies between API implementations and connectors; (c) accesscontrol information; (d) API to custom code implementation bindings; (e)connector bindings; (f) the like. Examples of policies can include alogging level policy and a production database URI policy. In someexamples, a logging level policy can define required log levels in ascope of mobile backend, API, or environment. In some examples, aproduction database URI policy can point to one or more databases usedby a server-side application. In some examples, runtime dependencyinformation can specify that an API implementation consumes (e.g., has adependency to) one or more connectors. In such examples, the runtimedependency information can be used to guarantee server-side applicationintegrity during deployment, import, and/or export. In some examples,access control information can specify a list of one or more user rolesthat are allowed to invoke an API. In such examples, the list can bestored in metadata and can be used in design time and/or runtimeoperations. In some examples, an API binding can describe how an APIinteracts with custom code (e.g. what portions of the custom code arecalled by particular APIs). In some examples, a connector binding candescribe which particular implementation of a connector is used duringconnector execution.

In some examples, the API 212 and the custom code 214 can be combinedinto one entity. In other examples, the connector 216 can also becombined into the one entity such that the three components of theserver-side application can be packaged together.

FIG. 3 is a flowchart illustrating an example of a process 300 forcreating a package for a server-side application. In some aspects, theprocess 300 can be performed by a mobile cloud service. Process 300 isillustrated as a logical flow diagram, the operation of which representsa sequence of operations that can be implemented in hardware, computerinstructions, or a combination thereof. In the context of computerinstructions, the operations represent computer-executable instructionsstored on one or more computer-readable storage media that, whenexecuted by one or more processors, perform the recited operations.Generally, computer-executable instructions include routines, programs,objects, components, data structures, and the like that performparticular functions or implement particular data types. The order inwhich the operations are described is not intended to be construed as alimitation, and any number of the described operations can be combinedin any order and/or in parallel to implement the processes.

Additionally, the process 300 can be performed under the control of oneor more computer systems configured with executable instructions and canbe implemented as code (e.g., executable instructions, one or morecomputer programs, or one or more applications) executing collectivelyon one or more processors, by hardware, or combinations thereof. Asnoted above, the code can be stored on a machine-readable storagemedium, for example, in the form of a computer program comprising aplurality of instructions executable by one or more processors. Themachine-readable storage medium can be non-transitory.

At step 310, the process 300 includes selecting one or more entities.The one or more entities can be selected by a user. An entity can be amobile backend. The mobile backend can be an object that is used togroup connectors, APIs, API implementations, and storage collections.The mobile backend can also include security and access credentials forthe mobile backend. An entity can also be one or more of an API, an APIimplementation, a storage collection, or a connector. In some examples,the one or more entities, when combined, can be a server-sideapplication used to perform one or more operations in a mobile cloudservice environment.

At step 320, the process 300 includes analyzing dependencies of the oneor more entities. For example, an entity can have a dependency onanother entity. In addition, items are identified that are required forexecution of the selected one or more entities.

At step 330, the process 300 includes packaging a logical grouping ofthe one or more entities and the dependencies. The logical grouping canprovide context for every invocation. The package can be sent, stored,or shared to the user. In some examples, the package can be importedinto a remote server such that the one or more entities and thedependencies are created in the remote server such that the server-sideapplication can run on the remote server. In some examples, packages canbe combined.

In some examples, the package can include a description of the one ormore entities for identification. The description can include a packagename, a package version, a list of the one or more entities, and apurpose of the package that describes what the package is for. In someexamples, the package can also include bindings that indicate entrypoints for user-defined code. The entry points can be for one or moreAPIs. As described above, the bindings can be metadata.

FIG. 4 is a flowchart illustrating an example of a process 400 forinstalling a package of a server-side application. In some aspects, theprocess 400 can be performed by a mobile cloud service. Process 400 isillustrated as a logical flow diagram, the operation of which representsa sequence of operations that can be implemented in hardware, computerinstructions, or a combination thereof. In the context of computerinstructions, the operations represent computer-executable instructionsstored on one or more computer-readable storage media that, whenexecuted by one or more processors, perform the recited operations.Generally, computer-executable instructions include routines, programs,objects, components, data structures, and the like that performparticular functions or implement particular data types. The order inwhich the operations are described is not intended to be construed as alimitation, and any number of the described operations can be combinedin any order and/or in parallel to implement the processes.

Additionally, the process 400 can be performed under the control of oneor more computer systems configured with executable instructions and canbe implemented as code (e.g., executable instructions, one or morecomputer programs, or one or more applications) executing collectivelyon one or more processors, by hardware, or combinations thereof. Asnoted above, the code can be stored on a machine-readable storagemedium, for example, in the form of a computer program comprising aplurality of instructions executable by one or more processors. Themachine-readable storage medium can be non-transitory.

At step 410, the process 400 includes receiving a package. The packagecan include a logical grouping of one or more entities. An entity can bea mobile backend, an API, an API implementation, a storage collection,and/or a connector. In some examples, the package can include a firstset of files and a second set of files. The first set of files can havelogic for creating an API (e.g., an API definition) and connecting theAPI with a backend service (e.g., a connector). The second set of filescan have software code. The software code can be user-defined code(written in a high level programming language). The API can define entrypoints to the user-defined code. In some examples, the package can alsoinclude bindings that indicate how the API corresponds to the softwarecode. For example, a binding can indicate that a call from the APIcauses a particular portion of the software code to be executed. Thebindings can be metadata.

At step 420, the process 400 includes extracting, from the package, thefirst set of files and the second set of files. In some examples, thepackage can include at least two archive file packages. The contents ofwhich are cross referenced with one another. Each archive file packagecan be associated with a different set of entities. In some examples,the different set of entities can be of a different type.

At step 430, the process 400 includes creating an API using the logic inthe first set of files. The API can be created in a mobile cloud serviceenvironment. At step 440, the process 400 includes connecting the APIwith a backend service in a cloud service using the logic for connectingthe API with a backend system.

At step 450, the process 400 includes executing the software code forthe second set of files in a user space of the cloud service. The userspace of the cloud service can be a target mobile cloud serviceenvironment.

FIG. 5 is a flowchart illustrating an example of a process 500 forresponding to a request to a server-side application from a client-sideapplication on a mobile device. In some aspects, the process 500 can beperformed by a mobile cloud service. Process 500 is illustrated as alogical flow diagram, the operation of which represents a sequence ofoperations that can be implemented in hardware, computer instructions,or a combination thereof. In the context of computer instructions, theoperations represent computer-executable instructions stored on one ormore computer-readable storage media that, when executed by one or moreprocessors, perform the recited operations. Generally,computer-executable instructions include routines, programs, objects,components, data structures, and the like that perform particularfunctions or implement particular data types. The order in which theoperations are described is not intended to be construed as alimitation, and any number of the described operations can be combinedin any order and/or in parallel to implement the processes.

Additionally, the process 500 can be performed under the control of oneor more computer systems configured with executable instructions and canbe implemented as code (e.g., executable instructions, one or morecomputer programs, or one or more applications) executing collectivelyon one or more processors, by hardware, or combinations thereof. Asnoted above, the code can be stored on a machine-readable storagemedium, for example, in the form of a computer program comprising aplurality of instructions executable by one or more processors. Themachine-readable storage medium can be non-transitory.

At step 510, the process 500 includes receiving a request, through afirewall, from a mobile device. The firewall can be associated with amobile cloud service. In some examples, the request can be sent by aclient-side application on the mobile device. The request can include anidentifier of a backend system (or server-side application) that shouldhandle the request. The request can be for content, processing, or someother operation that can be offloaded from the mobile device to a remoteserver.

At step 520, the process 500 includes dispatching the request to thesoftware code using the API according to logic in a first virtualmachine. In some examples, the API can connect with the backend serviceoutside of the firewall. In some examples, the logic in the firstvirtual machine can handle initial resolution of a request to figure outwhere to dispatch the request. For example, the logic in the firstvirtual machine can identify a mobile backend associated with therequest. The logic in the first virtual machine can also identify theAPI. In some examples, the request can be dispatched to a second virtualmachine. The second virtual machine can be where the software code isexecuting. In some examples, the software code can be executing in auser sandbox area, isolated from other portions of the mobile cloudservice.

At step 530, the process 500 includes generating a response to therequest using the software code. The response can be based on logic inthe software code. In some examples, the software code can use backendsystems to generate the response. For example, the software code can usea database to receive information to use to respond to the request.

At step 540, the process 500 includes routing the response from thebackend service to the mobile device. In some examples, the response isrouted from the second virtual machine to the first virtual machine. Thefirst virtual machine can then route the response to the client-sideapplication on the mobile device.

FIG. 6 illustrates an example of relationships between entities. In someexamples, a package (as discussed above) can recreate the relationshipsbetween entities in a mobile cloud service environment such that the oneor more entities can be exported and imported into different mobilecloud service environments.

The example of FIG. 6 includes a policy 620. The policy 620 can be anenvironment-specific configuration. The policy 620 can include one ormore attributes (e.g., name and value). The name can be referenced inthe metadata by given artifacts to add environment specificconfiguration. Examples of policies include session properties andenvironment properties. In some examples, the policy 620 can be selectedautomatically to correspond to one or more selected entities.

The policy 620 can be kept in an environment 620. The environment 620can be associated to different types of environments that a customer canhave. For example, the environment 620 can be a test, development,production, or other type of environment. In some examples, environmentscan be isolated from other environments. In some examples, environmentscan be self-contained (e.g., an environment can include all of its datain a database of the environment. In some examples, the environment 620is not an entity, and cannot be selected nor included in a package. Insuch examples, the package is installed into an environment, whichcauses the environment 620 to be defined.

The policy 620 can be associated with a mobile backend 630. The mobilebackend 630 can be an entity selected by a user or determined throughthe dependency analysis discussed above. The mobile backend 630 caninclude one or more attributes (e.g., name and mobile backend (MBE)token).

The mobile backend 620 can be associated with one or more storagecollections (e.g., a mobile object store (MOS) collection 632 and usercollection 634). In some examples, the mobile backend 620 can use theMOS collection 632. The MOS collection 632 can provide a storagecontainer for the mobile backend 620. The MOS collection 632 can includea framework version number to ensure compatibility across mobile cloudservice patches. The MOS collection 632 can provide a set of userdefined named and versioned collections that are accessible via MOSAPIs.

The one or more storage collections can be examples of instance data.Instance data can be environment specific run-time data. The instancedata is typically created by a customer or framework code at runtime. Insome examples, the instance data can be created at configuration timethrough the use of scripts or specially supported operations. Datainside of the one or more storage collections may or may not be exportedwith a package. The one or more storage collections can be selected by auser or determined through the dependency analysis discussed above.

In some examples, user data in MOS collection 623 can be related byroles to user data in the user collection 634. Such user data is nottypically transferred when exporting the MOS collection 623.

The mobile backend 620 can include an API 638. In some examples, the API638 can be defined by a RESTful API Modeling Language (RAML) documentthat resides in a metadata repository. The API 638 can store the RAMLdocument in an artifact 644. The artifact 644 can be a system internallystoring data. The software code, as described above, can also be storedin the artifact 644. The API 638 can be selected by a user or determinedthrough the dependency analysis discussed above.

The API can include bindings 642 to an API implementation 640. Thebindings 642 can indicate entry points for user-defined code. The entrypoints can be for one or more APIs. The bindings can be metadata. Thebindings 642 can be included in metadata in a package.

The API implementation 640 can implement the API 638. For example, theAPI implementation 642 can provide actual implementation for a versionof the API 638. In some examples, the API implementation 642 can beassociated with the API 638 via the policy 610, resulting in anenvironment level association. Because an environment can have multiplemobile backends deployed, multiple versions of the same API can bedeployed in the environment, resulting in multiple implementationversions being deployed and mapped (via a policy) at any time. The APIimplementation can be selected by a user or determined through thedependency analysis discussed above.

A connector 646 can produce the API 638 and/or the API implementation640. The connector 646 can be a blend of APIs, configuration, and anassociated service/custom code implementation. The connector 646 can beselected by a user or determined through the dependency analysisdiscussed above.

FIG. 7 depicts a simplified diagram of a distributed system 700.Distributed system 700 includes one or more client computing devices702, 704, 706, and 708, which are configured to execute and operate aclient application such as a web browser, proprietary client (e.g.,Oracle Forms), or the like over one or more network(s) 710. Server 712may be communicatively coupled with remote client computing devices 702,704, 706, and 708 via network 710.

In various examples, server 712 may be adapted to run one or moreservices or software applications provided by one or more of thecomponents of the system. The services or software applications caninclude nonvirtual and virtual environments. Virtual environments caninclude those used for virtual events, tradeshows, simulators,classrooms, shopping exchanges, and enterprises, whether two- orthree-dimensional (3D) representations, page-based logical environments,or otherwise. In some examples, these services may be offered asweb-based or cloud services or under a Software as a Service (SaaS)model to the users of client computing devices 702, 704, 706, and/or708. Users operating client computing devices 702, 704, 706, and/or 708may in turn utilize one or more client applications to interact withserver 712 to utilize the services provided by these components.

In the configuration depicted in the figure, the software components718, 720 and 722 of system 700 are shown as being implemented on server712. In other examples, one or more of the components of system 700and/or the services provided by these components may also be implementedby one or more of the client computing devices 702, 704, 706, and/or708. Users operating the client computing devices may then utilize oneor more client applications to use the services provided by thesecomponents. These components may be implemented in hardware, firmware,software, or combinations thereof. It should be appreciated that variousdifferent system configurations are possible, which may be differentfrom distributed system 800. The example shown in the figure is thus oneexample of a distributed system for implementing an example system andis not intended to be limiting.

Client computing devices 702, 704, 706, and/or 708 may be portablehandheld devices (e.g., an iPhone®, cellular telephone, an iPad®,computing tablet, a personal digital assistant (PDA)) or wearabledevices (e.g., a Google Glass® head mounted display), running softwaresuch as Microsoft Windows Mobile®, and/or a variety of mobile operatingsystems such as iOS, Windows Phone, Android, BlackBerry 10, Palm OS, andthe like, and being Internet, e-mail, short message service (SMS),Blackberry®, or other communication protocol enabled. The clientcomputing devices can be general purpose personal computers including,by way of example, personal computers and/or laptop computers runningvarious versions of Microsoft Windows®, Apple Macintosh®, and/or Linuxoperating systems. The client computing devices can be workstationcomputers running any of a variety of commercially-available UNIX® orUNIX-like operating systems, including without limitation the variety ofGNU/Linux operating systems, such as for example, Google Chrome OS.Alternatively, or in addition, client computing devices 702, 704, 706,and 708 may be any other electronic device, such as a thin-clientcomputer, an Internet-enabled gaming system (e.g., a Microsoft Xboxgaming console with or without a Kinect® gesture input device), and/or apersonal messaging device, capable of communicating over network(s) 710.

Although exemplary distributed system 700 is shown with four clientcomputing devices, any number of client computing devices may besupported. Other devices, such as devices with sensors, etc., mayinteract with server 712.

Network(s) 710 in distributed system 700 may be any type of networkfamiliar to those skilled in the art that can support datacommunications using any of a variety of commercially-availableprotocols, including without limitation TCP/IP (transmission controlprotocol/Internet protocol), SNA (systems network architecture), IPX(Internet packet exchange), AppleTalk, and the like. Merely by way ofexample, network(s) 710 can be a local area network (LAN), such as onebased on Ethernet, Token-Ring and/or the like. Network(s) 710 can be awide-area network and the Internet. It can include a virtual network,including without limitation a virtual private network (VPN), anintranet, an extranet, a public switched telephone network (PSTN), aninfra-red network, a wireless network (e.g., a network operating underany of the Institute of Electrical and Electronics (IEEE) 802.11 suiteof protocols, Bluetooth®, and/or any other wireless protocol); and/orany combination of these and/or other networks.

Server 712 may be composed of one or more general purpose computers,specialized server computers (including, by way of example, PC (personalcomputer) servers, UNIX® servers, mid-range servers, mainframecomputers, rack-mounted servers, etc.), server farms, server clusters,or any other appropriate arrangement and/or combination. Server 712 caninclude one or more virtual machines running virtual operating systems,or other computing architectures involving virtualization. One or moreflexible pools of logical storage devices can be virtualized to maintainvirtual storage devices for the server. Virtual networks can becontrolled by server 712 using software defined networking. In variousexamples, server 712 may be adapted to run one or more services orsoftware applications described in the foregoing disclosure. Forexample, server 712 may correspond to a server for performing processingdescribed above according to an example of the present disclosure.

Server 712 may run an operating system including any of those discussedabove, as well as any commercially available server operating system.Server 712 may also run any of a variety of additional serverapplications and/or mid-tier applications, including HTTP (hypertexttransport protocol) servers, FTP (file transfer protocol) servers, CGI(common gateway interface) servers, JAVA® servers, database servers, andthe like. Exemplary database servers include without limitation thosecommercially available from Oracle, Microsoft, Sybase, IBM(International Business Machines), and the like.

In some implementations, server 712 may include one or more applicationsto analyze and consolidate data feeds and/or event updates received fromusers of client computing devices 702, 704, 706, and 708. As an example,data feeds and/or event updates may include, but are not limited to,Twitter® feeds, Facebook® updates or real-time updates received from oneor more third party information sources and continuous data streams,which may include real-time events related to sensor data applications,financial tickers, network performance measuring tools (e.g., networkmonitoring and traffic management applications), clickstream analysistools, automobile traffic monitoring, and the like. Server 712 may alsoinclude one or more applications to display the data feeds and/orreal-time events via one or more display devices of client computingdevices 702, 704, 706, and 708.

Distributed system 700 may also include one or more databases 714 and716. Databases 714 and 716 may reside in a variety of locations. By wayof example, one or more of databases 714 and 716 may reside on anon-transitory storage medium local to (and/or resident in) server 712.Alternatively, databases 714 and 716 may be remote from server 712 andin communication with server 712 via a network-based or dedicatedconnection. In one set of examples, databases 714 and 716 may reside ina storage-area network (SAN). Similarly, any necessary files forperforming the functions attributed to server 712 may be stored locallyon server 712 and/or remotely, as appropriate. In one set of examples,databases 714 and 716 may include relational databases, such asdatabases provided by Oracle, that are adapted to store, update, andretrieve data in response to SQL-formatted commands.

FIG. 8 is a simplified block diagram of one or more components of asystem environment 800 by which services provided by one or morecomponents may be offered as cloud services In the illustrated example,system environment 800 includes one or more client computing devices804, 806, and 808 that may be used by users to interact with a cloudinfrastructure system 802 that provides cloud services. The clientcomputing devices may be configured to operate a client application suchas a web browser, a proprietary client application (e.g., Oracle Forms),or some other application, which may be used by a user of the clientcomputing device to interact with cloud infrastructure system 802 to useservices provided by cloud infrastructure system 802.

It should be appreciated that cloud infrastructure system 802 depictedin the figure may have other components than those depicted. Further,the example shown in the figure is only one example of a cloudinfrastructure system that may incorporate an example of thisdisclosure. In some other examples, cloud infrastructure system 802 mayhave more or fewer components than shown in the figure, may combine twoor more components, or may have a different configuration or arrangementof components.

Client computing devices 804, 806, and 808 may be devices similar tothose described above for 702, 704, 706, and 708. Although exemplarysystem environment 800 is shown with three client computing devices, anynumber of client computing devices may be include a host of servicesthat are made available to users of the cloud infrastructure system ondemand, such as online data storage and backup solutions, Web-basede-mail services, hosted office suites and document collaborationservices, database processing, managed technical support services, andthe like. Services provided by the cloud infrastructure system candynamically scale to meet the needs of its users. A specificinstantiation of a service provided by cloud infrastructure system isreferred to herein as a “service instance.” In general, any service madeavailable to a user via a communication network, such as the Internet,from a cloud service provider's system is referred to as a “cloudservice.” Typically, in a public cloud environment, servers and systemsthat make up the cloud service provider's system are different from thecustomer's own on-premises servers and systems. For example, a cloudservice provider's system may host an application, and a user may, via acommunication network such as the Internet, on demand, order and use theapplication.

In some examples, a service in a computer network cloud infrastructuremay include protected computer network access to storage, a hosteddatabase, a hosted web server, a software application, or other serviceprovided by a cloud vendor to a user, or as otherwise known in the art.For example, a service can include password-protected access to remotestorage on the cloud through the Internet. As another example, a servicecan include a web service-based hosted relational database and ascript-language middleware engine for private use by a networkeddeveloper. As another example, a service can include access to an emailsoftware application hosted on a cloud vendor's web site.

In certain examples, cloud infrastructure system 802 may include a suiteof applications, middleware, and database service offerings that aredelivered to a customer in a self-service, subscription-based,elastically scalable, reliable, highly available, and secure manner. Anexample of such a cloud infrastructure system is the Oracle Public Cloudprovided by the present assignee.

Large volumes of data, sometimes referred to as big data, can be hostedand/or manipulated by the infrastructure system on many levels and atdifferent scales. Such data can include data sets that are so large andcomplex that it can be difficult to process using typical databasemanagement tools or traditional data processing applications. Forexample, terabytes of data may be difficult to store, retrieve, andprocess using personal computers or their rack-based counterparts. Suchsizes of data can be difficult to work with using most currentrelational database management systems and desktop statistics andvisualization packages. They can require massively parallel processingsoftware running thousands of server computers, beyond the structure ofcommonly used software tools, to capture, curate, manage, and processthe data within a tolerable elapsed time.

Extremely large data sets can be stored and manipulated by analysts andresearchers to visualize large amounts of data, detect trends, and/orotherwise interact with the data. Tens, hundreds, or thousands ofprocessors linked in parallel can act upon such data in order to presentit or simulate external forces on the data or what it represents. Thesedata sets can involve structured data, such as that organized in adatabase or otherwise according to a structured model, and/orunstructured data (e.g., emails, images, data blobs (binary largeobjects), web pages, complex event processing). By leveraging an abilityof an example to relatively quickly focus more (or fewer) computingresources upon an objective, the cloud infrastructure system may bebetter available to carry out tasks on large data sets based on demandfrom a business, government agency, research organization, privateindividual, group of like-minded individuals or organizations, or otherentity.

In various examples, cloud infrastructure system 802 may be adapted toautomatically provision, manage and track a customer's subscription toservices offered by cloud infrastructure system 802. Cloudinfrastructure system 802 may provide the cloud services via differentdeployment models. For example, services may be provided under a publiccloud model in which cloud infrastructure system 802 is owned by anorganization selling cloud services (e.g., owned by Oracle) and theservices are made available to the general public or different industryenterprises. As another example, services may be provided under aprivate cloud model in which cloud infrastructure system 802 is operatedsolely for a single organization and may provide services for one ormore entities within the organization. The cloud services may also beprovided under a community cloud model in which cloud infrastructuresystem 802 and the services provided by cloud infrastructure system 802are shared by several organizations in a related community. The cloudservices may also be provided under a hybrid cloud model, which is acombination of two or more different models.

In some examples, the services provided by cloud infrastructure system802 may include one or more services provided under Software as aService (SaaS) category, Platform as a Service (PaaS) category,Infrastructure as a Service (IaaS) category, or other categories ofservices including hybrid services. A customer, via a subscriptionorder, may order one or more services provided by cloud infrastructuresystem 802. Cloud infrastructure system 802 then performs processing toprovide the services in the customer's subscription order.

In some examples, the services provided by cloud infrastructure system802 may include, without limitation, application services, platformservices and infrastructure services. In some examples, applicationservices may be provided by the cloud infrastructure system via a SaaSplatform. The SaaS platform may be configured to provide cloud servicesthat fall under the SaaS category. For example, the SaaS platform mayprovide capabilities to build and deliver a suite of on-demandapplications on an integrated development and deployment platform. TheSaaS platform may manage and control the underlying software andinfrastructure for providing the SaaS services. By utilizing theservices provided by the SaaS platform, customers can utilizeapplications executing on the cloud infrastructure system. Customers canacquire the application services without the need for customers topurchase separate licenses and support. Various different SaaS servicesmay be provided. Examples include, without limitation, services thatprovide solutions for sales performance management, enterpriseintegration, and business flexibility for large organizations.

In some examples, platform services may be provided by the cloudinfrastructure system via a PaaS platform. The PaaS platform may beconfigured to provide cloud services that fall under the PaaS category.Examples of platform services may include without limitation servicesthat enable organizations (such as Oracle) to consolidate existingapplications on a shared, common architecture, as well as the ability tobuild new applications that leverage the shared services provided by theplatform. The PaaS platform may manage and control the underlyingsoftware and infrastructure for providing the PaaS services. Customerscan acquire the PaaS services provided by the cloud infrastructuresystem without the need for customers to purchase separate licenses andsupport. Examples of platform services include, without limitation,Oracle Java Cloud Service (JCS), Oracle Database Cloud Service (DBCS),and others.

By utilizing the services provided by the PaaS platform, customers canemploy programming languages and tools supported by the cloudinfrastructure system and also control the deployed services. In someexamples, platform services provided by the cloud infrastructure systemmay include database cloud services, middleware cloud services (e.g.,Oracle Fusion Middleware services), and Java cloud services. In oneexample, database cloud services may support shared service deploymentmodels that enable organizations to pool database resources and offercustomers a Database as a Service in the form of a database cloud.Middleware cloud services may provide a platform for customers todevelop and deploy various business applications, and Java cloudservices may provide a platform for customers to deploy Javaapplications, in the cloud infrastructure system.

Various different infrastructure services may be provided by an IaaSplatform in the cloud infrastructure system. The infrastructure servicesfacilitate the management and control of the underlying computingresources, such as storage, networks, and other fundamental computingresources for customers utilizing services provided by the SaaS platformand the PaaS platform.

In certain examples, cloud infrastructure system 802 may also includeinfrastructure resources 830 for providing the resources used to providevarious services to customers of the cloud infrastructure system. In oneexample, infrastructure resources 830 may include pre-integrated andoptimized combinations of hardware, such as servers, storage, andnetworking resources to execute the services provided by the PaaSplatform and the SaaS platform.

In some examples, resources in cloud infrastructure system 802 may beshared by multiple users and dynamically re-allocated per demand.Additionally, resources may be allocated to users in different timezones. For example, cloud infrastructure system 930 may enable a firstset of users in a first time zone to utilize resources of the cloudinfrastructure system for a specified number of hours and then enablethe re-allocation of the same resources to another set of users locatedin a different time zone, thereby maximizing the utilization ofresources.

In certain examples, a number of internal shared services 832 may beprovided that are shared by different components or modules of cloudinfrastructure system 802 and by the services provided by cloudinfrastructure system 802. These internal shared services may include,without limitation, a security and identity service, an integrationservice, an enterprise repository service, an enterprise managerservice, a virus scanning and white list service, a high availability,backup and recovery service, service for enabling cloud support, anemail service, a notification service, a file transfer service, and thelike.

In certain examples, cloud infrastructure system 802 may providecomprehensive management of cloud services (e.g., SaaS, PaaS, and IaaSservices) in the cloud infrastructure system. In one example, cloudmanagement functionality may include capabilities for provisioning,managing and tracking a customer's subscription received by cloudinfrastructure system 802, and the like.

In one example, as depicted in the figure, cloud managementfunctionality may be provided by one or more modules, such as an ordermanagement module 820, an order orchestration module 822, an orderprovisioning module 824, an order management and monitoring module 826,and an identity management module 828. These modules may include or beprovided using one or more computers and/or servers, which may begeneral purpose computers, specialized server computers, server farms,server clusters, or any other appropriate arrangement and/orcombination.

In exemplary operation 834, a customer using a client device, such asclient device 804, 806 or 808, may interact with cloud infrastructuresystem 802 by requesting one or more services provided by cloudinfrastructure system 802 and placing an order for a subscription forone or more services offered by cloud infrastructure system 802. Incertain examples, the customer may access a cloud User Interface (UI),cloud UI 812, cloud UI 814 and/or cloud UI 816 and place a subscriptionorder via these UIs. The order information received by cloudinfrastructure system 802 in response to the customer placing an ordermay include information identifying the customer and one or moreservices offered by the cloud infrastructure system 802 that thecustomer intends to subscribe to.

After an order has been placed by the customer, the order information isreceived via the cloud UIs, 812, 814 and/or 816.

At operation 836, the order is stored in order database 818. Orderdatabase 818 can be one of several databases operated by cloudinfrastructure system 818 and operated in conjunction with other systemelements.

At operation 838, the order information is forwarded to an ordermanagement module 820. In some instances, order management module 820may be configured to perform billing and accounting functions related tothe order, such as verifying the order, and upon verification, bookingthe order.

At operation 840, information regarding the order is communicated to anorder orchestration module 822. Order orchestration module 822 mayutilize the order information to orchestrate the provisioning ofservices and resources for the order placed by the customer. In someinstances, order orchestration module 822 may orchestrate theprovisioning of resources to support the subscribed services using theservices of order provisioning module 824.

In certain examples, order orchestration module 822 enables themanagement of business processes associated with each order and appliesbusiness logic to determine whether an order should proceed toprovisioning. At operation 842, upon receiving an order for a newsubscription, order orchestration module 822 sends a request to orderprovisioning module 824 to allocate resources and configure thoseresources needed to fulfill the subscription order. Order provisioningmodule 824 enables the allocation of resources for the services orderedby the customer. Order provisioning module 824 provides a level ofabstraction between the cloud services provided by cloud infrastructuresystem 800 and the physical implementation layer that is used toprovision the resources for providing the requested services. Orderorchestration module 822 may thus be isolated from implementationdetails, such as whether or not services and resources are actuallyprovisioned on the fly or pre-provisioned and only allocated/assignedupon request.

At operation 844, once the services and resources are provisioned, anotification of the provided service may be sent to customers on clientdevices 804, 806 and/or 808 by order provisioning module 824 of cloudinfrastructure system 802.

At operation 846, the customer's subscription order may be managed andtracked by an order management and monitoring module 826. In someinstances, order management and monitoring module 826 may be configuredto collect usage statistics for the services in the subscription order,such as the amount of storage used, the amount data transferred, thenumber of users, and the amount of system up time and system down time.

In certain examples, cloud infrastructure system 800 may include anidentity management module 828. Identity management module 828 may beconfigured to provide identity services, such as access management andauthorization services in cloud infrastructure system 800. In someexamples, identity management module 828 may control information aboutcustomers who wish to utilize the services provided by cloudinfrastructure system 802. Such information can include information thatauthenticates the identities of such customers and information thatdescribes which actions those customers are authorized to performrelative to various system resources (e.g., files, directories,applications, communication ports, memory segments, etc.) Identitymanagement module 828 may also include the management of descriptiveinformation about each customer and about how and by whom thatdescriptive information can be accessed and modified.

FIG. 9 illustrates an exemplary computer system 900, in which variousexamples of the present invention may be implemented. The system 900 maybe used to implement any of the computer systems described above. Asshown in the figure, computer system 900 includes a processing unit 904that communicates with a number of peripheral subsystems via a bussubsystem 902. These peripheral subsystems may include a processingacceleration unit 906, an I/O subsystem 908, a storage subsystem 918 anda communications subsystem 924. Storage subsystem 918 includes tangiblecomputer-readable storage media 922 and a system memory 910.

Bus subsystem 902 provides a mechanism for letting the variouscomponents and subsystems of computer system 900 communicate with eachother as intended. Although bus subsystem 902 is shown schematically asa single bus, alternative examples of the bus subsystem may utilizemultiple buses. Bus subsystem 902 may be any of several types of busstructures including a memory bus or memory controller, a peripheralbus, and a local bus using any of a variety of bus architectures. Forexample, such architectures may include an Industry StandardArchitecture (ISA) bus, Micro Channel Architecture (MCA) bus, EnhancedISA (EISA) bus, Video Electronics Standards Association (VESA) localbus, and Peripheral Component Interconnect (PCI) bus, which can beimplemented as a Mezzanine bus manufactured to the IEEE P1386.1standard.

Processing unit 904, which can be implemented as one or more integratedcircuits (e.g., a conventional microprocessor or microcontroller),controls the operation of computer system 900. One or more processorsmay be included in processing unit 904. These processors may includesingle core or multicore processors. In certain examples, processingunit 904 may be implemented as one or more independent processing units932 and/or 934 with single or multicore processors included in eachprocessing unit. In other examples, processing unit 904 may also beimplemented as a quad-core processing unit formed by integrating twodual-core processors into a single chip.

In various examples, processing unit 904 can execute a variety ofprograms in response to program code and can maintain multipleconcurrently executing programs or processes. At any given time, some orall of the program code to be executed can be resident in processor(s)904 and/or in storage subsystem 918. Through suitable programming,processor(s) 904 can provide various functionalities described above.Computer system 900 may additionally include a processing accelerationunit 906, which can include a digital signal processor (DSP), aspecial-purpose processor, and/or the like.

I/O subsystem 908 may include user interface input devices and userinterface output devices. User interface input devices may include akeyboard, pointing devices such as a mouse or trackball, a touchpad ortouch screen incorporated into a display, a scroll wheel, a click wheel,a dial, a button, a switch, a keypad, audio input devices with voicecommand recognition systems, microphones, and other types of inputdevices. User interface input devices may include, for example, motionsensing and/or gesture recognition devices such as the Microsoft Kinect®motion sensor that enables users to control and interact with an inputdevice, such as the Microsoft Xbox® 360 game controller, through anatural user interface using gestures and spoken commands. Userinterface input devices may also include eye gesture recognition devicessuch as the Google Glass® blink detector that detects eye activity(e.g., ‘blinking’ while taking pictures and/or making a menu selection)from users and transforms the eye gestures as input into an input device(e.g., Google Glass®). Additionally, user interface input devices mayinclude voice recognition sensing devices that enable users to interactwith voice recognition systems (e.g., Siri® navigator), through voicecommands.

User interface input devices may also include, without limitation, threedimensional (3D) mice, joysticks or pointing sticks, gamepads andgraphic tablets, and audio/visual devices such as speakers, digitalcameras, digital camcorders, portable media players, webcams, imagescanners, fingerprint scanners, barcode reader 3D scanners, 3D printers,laser rangefinders, and eye gaze tracking devices. Additionally, userinterface input devices may include, for example, medical imaging inputdevices such as computed tomography, magnetic resonance imaging,position emission tomography, medical ultrasonography devices. Userinterface input devices may also include, for example, audio inputdevices such as MIDI keyboards, digital musical instruments and thelike.

User interface output devices may include a display subsystem, indicatorlights, or non-visual displays such as audio output devices, etc. Thedisplay subsystem may be a cathode ray tube (CRT), a flat-panel device,such as that using a liquid crystal display (LCD) or plasma display, aprojection device, a touch screen, and the like. In general, use of theterm “output device” is intended to include all possible types ofdevices and mechanisms for outputting information from computer system900 to a user or other computer. For example, user interface outputdevices may include, without limitation, a variety of display devicesthat visually convey text, graphics and audio/video information such asmonitors, printers, speakers, headphones, automotive navigation systems,plotters, voice output devices, and modems.

Computer system 900 may comprise a storage subsystem 918 that comprisessoftware elements, shown as being currently located within a systemmemory 910. System memory 910 may store program instructions that areloadable and executable on processing unit 904, as well as datagenerated during the execution of these programs.

Depending on the configuration and type of computer system 900, systemmemory 910 may be volatile (such as random access memory (RAM)) and/ornon-volatile (such as read-only memory (ROM), flash memory, etc.) TheRAM typically contains data and/or program modules that are immediatelyaccessible to and/or presently being operated and executed by processingunit 904. In some implementations, system memory 910 may includemultiple different types of memory, such as static random access memory(SRAM) or dynamic random access memory (DRAM). In some implementations,a basic input/output system (BIOS), containing the basic routines thathelp to transfer information between elements within computer system900, such as during start-up, may typically be stored in the ROM. By wayof example, and not limitation, system memory 910 also illustratesapplication programs 912, which may include client applications, Webbrowsers, mid-tier applications, relational database management systems(RDBMS), etc., program data 914, and an operating system 916. By way ofexample, operating system 916 may include various versions of MicrosoftWindows®, Apple Macintosh®, and/or Linux operating systems, a variety ofcommercially-available UNIX® or UNIX-like operating systems (includingwithout limitation the variety of GNU/Linux operating systems, theGoogle Chrome® OS, and the like) and/or mobile operating systems such asiOS, Windows® Phone, Android® OS, BlackBerry® 10 OS, and Palm® OSoperating systems.

Storage subsystem 918 may also provide a tangible computer-readablestorage medium for storing the basic programming and data constructsthat provide the functionality of some examples. Software (programs,code modules, instructions) that when executed by a processor providethe functionality described above may be stored in storage subsystem918. These software modules or instructions may be executed byprocessing unit 904. Storage subsystem 918 may also provide a repositoryfor storing data used in accordance with the present invention.

Storage subsystem 900 may also include a computer-readable storage mediareader 920 that can further be connected to computer-readable storagemedia 922. Together and, optionally, in combination with system memory910, computer-readable storage media 922 may comprehensively representremote, local, fixed, and/or removable storage devices plus storagemedia for temporarily and/or more permanently containing, storing,transmitting, and retrieving computer-readable information.

Computer-readable storage media 922 containing code, or portions ofcode, can also include any appropriate media known or used in the art,including storage media and communication media, such as but not limitedto, volatile and non-volatile, removable and non-removable mediaimplemented in any method or technology for storage and/or transmissionof information. This can include tangible, non-transitorycomputer-readable storage media such as RAM, ROM, electronicallyerasable programmable ROM (EEPROM), flash memory or other memorytechnology, CD-ROM, digital versatile disk (DVD), or other opticalstorage, magnetic cassettes, magnetic tape, magnetic disk storage orother magnetic storage devices, or other tangible computer readablemedia. When specified, this can also include nontangible, transitorycomputer-readable media, such as data signals, data transmissions, orany other medium which can be used to transmit the desired informationand which can be accessed by computing system 900.

By way of example, computer-readable storage media 922 may include ahard disk drive that reads from or writes to non-removable, nonvolatilemagnetic media, a magnetic disk drive that reads from or writes to aremovable, nonvolatile magnetic disk, and an optical disk drive thatreads from or writes to a removable, nonvolatile optical disk such as aCD ROM, DVD, and Blu-Ray® disk, or other optical media.Computer-readable storage media 1022 may include, but is not limited to,Zip® drives, flash memory cards, universal serial bus (USB) flashdrives, secure digital (SD) cards, DVD disks, digital video tape, andthe like. Computer-readable storage media 1022 may also include,solid-state drives (SSD) based on non-volatile memory such asflash-memory based SSDs, enterprise flash drives, solid state ROM, andthe like, SSDs based on volatile memory such as solid state RAM, dynamicRAM, static RAM, DRAM-based SSDs, magnetoresistive RAM (MRAM) SSDs, andhybrid SSDs that use a combination of DRAM and flash memory based SSDs.The disk drives and their associated computer-readable media may providenon-volatile storage of computer-readable instructions, data structures,program modules, and other data for computer system 900.

Communications subsystem 924 provides an interface to other computersystems and networks. Communications subsystem 924 serves as aninterface for receiving data from and transmitting data to other systemsfrom computer system 900. For example, communications subsystem 924 mayenable computer system 900 to connect to one or more devices via theInternet. In some examples communications subsystem 924 can includeradio frequency (RF) transceiver components for accessing wireless voiceand/or data networks (e.g., using cellular telephone technology,advanced data network technology, such as 3G, 4G or EDGE (enhanced datarates for global evolution), WiFi (IEEE 802.11 family standards, orother mobile communication technologies, or any combination thereof),global positioning system (GPS) receiver components, and/or othercomponents. In some examples communications subsystem 924 can providewired network connectivity (e.g., Ethernet) in addition to or instead ofa wireless interface.

In some examples, communications subsystem 924 may also receive inputcommunication in the form of structured and/or unstructured data feeds926, event streams 928, event updates 930, and the like on behalf of oneor more users who may use computer system 900.

By way of example, communications subsystem 924 may be configured toreceive data feeds 926 in real-time from users of social media networksand/or other communication services such as Twitter® feeds, Facebook®updates, web feeds such as Rich Site Summary (RSS) feeds, and/orreal-time updates from one or more third party information sources.

Additionally, communications subsystem 924 may also be configured toreceive data in the form of continuous data streams, which may includeevent streams 928 of real-time events and/or event updates 930, that maybe continuous or unbounded in nature with no explicit end. Examples ofapplications that generate continuous data may include, for example,sensor data applications, financial tickers, network performancemeasuring tools (e.g. network monitoring and traffic managementapplications), clickstream analysis tools, automobile trafficmonitoring, and the like.

Communications subsystem 924 may also be configured to output thestructured and/or unstructured data feeds 926, event streams 928, eventupdates 930, and the like to one or more databases that may be incommunication with one or more streaming data source computers coupledto computer system 900.

Computer system 900 can be one of various types, including a handheldportable device (e.g., an iPhone® cellular phone, an iPad® computingtablet, a PDA), a wearable device (e.g., a Google Glass® head mounteddisplay), a PC, a workstation, a mainframe, a kiosk, a server rack, orany other data processing system.

Due to the ever-changing nature of computers and networks, thedescription of computer system 900 depicted in the figure is intendedonly as a specific example. Many other configurations having more orfewer components than the system depicted in the figure are possible.For example, customized hardware might also be used and/or particularelements might be implemented in hardware, firmware, software (includingapplets), or a combination. Further, connection to other computingdevices, such as network input/output devices, may be employed. Based onthe disclosure and teachings provided herein, a person of ordinary skillin the art will appreciate other ways and/or methods to implement thevarious examples.

In the foregoing specification, aspects are described with reference tospecific examples thereof, but those skilled in the art will recognizethat the description is not limited thereto. Various features andaspects described above may be used individually or jointly. Further,examples can be utilized in any number of environments and applicationsbeyond those described herein without departing from the broader spiritand scope of the specification. The specification and drawings are,accordingly, to be regarded as illustrative rather than restrictive.

What is claimed is:
 1. A method for introducing a pre-formed instructionset to a mobile cloud service, the method comprising: extracting, froman archive file package, a first set of files and a second set of files,the first set of files having logic for creating an applicationprogramming interface (API) and connecting the API with a backendservice, the second set of files having software code; creating an APIusing the logic in the first set of files; connecting the API with abackend service in a cloud service using the logic for connecting theAPI with a backend service; and executing the software code of thesecond set of files in a user space of the cloud service.
 2. The methodof claim 1, further comprising: receiving a request, through a firewall,from a mobile device; dispatching the request to the software code usingthe API according to logic in a first virtual machine, the APIconnecting with the backend service outside of the firewall; andgenerating a response to the request using the software code, whereinthe software code is in a second virtual machine, wherein the softwarecode is in a user sandbox area; routing the response from the backendservice to the mobile device.
 3. The method of claim 2, wherein therequest is sent by a client-side application on the mobile device. 4.The method of claim 1, wherein the package comprises at least twoarchive file packages, the contents of which are cross referenced withone another.
 5. The method of claim 1, further comprising: receiving thearchive file package from a remote device.
 6. The method of claim 1,wherein the software code is user defined.
 7. The method of claim 1,wherein the user space isolates the software code from other portions ofthe cloud service.
 8. A system for introducing a pre-formed instructionset to a mobile cloud service, the system comprising: one or moreprocessors; and a non-transitory computer-readable medium containinginstructions that, when executed by the one or more processors, causethe one or more processors to perform operations including: extract,from an archive file package, a first set of files and a second set offiles, the first set of files having logic for creating an applicationprogramming interface (API) and connecting the API with a backendservice, the second set of files having software code; create an APIusing the logic in the first set of files; connect the API with abackend service in a cloud service using the logic for connecting theAPI with a backend service; and execute the software code of the secondset of files in a user space of the cloud service.
 9. The system ofclaim 8, further comprising instructions that, when executed by the oneor more processors, cause the one or more processors to performoperations including: receive a request, through a firewall, from amobile device; dispatch the request to the software code using the APIaccording to logic in a first virtual machine, the API connecting withthe backend service outside of the firewall; and generate a response tothe request using the software code, wherein the software code is in asecond virtual machine, wherein the software code is in a user sandboxarea; route the response from the backend service to the mobile device.10. The system of claim 9, wherein the request is sent by a client-sideapplication on the mobile device.
 11. The system of claim 9, wherein thepackage comprises at least two archive file packages, the contents ofwhich are cross referenced with one another.
 12. The system of claim 9,further comprising instructions that, when executed by the one or moreprocessors, cause the one or more processors to perform operationsincluding: receive the archive file package from a remote device. 13.The system of claim 9, wherein the software code is user defined
 14. Thesystem of claim 9, wherein the user space isolates the software codefrom other portions of the cloud service.
 15. A computer readable mediumstoring one or more instructions that, upon execution by one or moreprocessors, cause the one or more processors to: extract, from anarchive file package, a first set of files and a second set of files,the first set of files having logic for creating an applicationprogramming interface (API) and connecting the API with a backendservice, the second set of files having software code; create an APIusing the logic in the first set of files; connect the API with abackend service in a cloud service using the logic for connecting theAPI with a backend service; and execute the software code of the secondset of files in a user space of the cloud service.
 16. The computerreadable medium of claim 15, further storing one or more instructionsthat, upon executed by the one or more processors, cause the one or moreprocessors to: receive a request, through a firewall, from a mobiledevice; dispatching the request to the software code using the APIaccording to logic in a first virtual machine, the API connecting withthe backend service outside of the firewall; and generate a response tothe request using the software code, wherein the software code is in asecond virtual machine, wherein the software code is in a user sandboxarea; route the response from the backend service to the mobile device.17. The computer readable medium of claim 16, wherein the request issent by a client-side application on the mobile device.
 18. The computerreadable medium of claim 16, wherein the package comprises at least twoarchive file packages, the contents of which are cross referenced withone another.
 19. The computer readable medium of claim 16, furtherstoring one or more instructions that, upon executed by the one or moreprocessors, cause the one or more processors to: receive the archivefile package from a remote device.
 20. The computer readable medium ofclaim 16, wherein the user space isolates the software code from otherportions of the cloud service.